package com.java.interceptor;

import com.java.model.Permission;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.ArrayList;
import java.util.List;

/**
 *  权限拦截器
 */
public class PermissionInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 获取请求的URI
        String uri = request.getRequestURI();

        // 判断是否是登录请求或跳转登录请求, 是则放行
        if (uri.indexOf("/login") != -1 || uri.indexOf("/indexSkip") != -1 || uri.indexOf("/permissions") != -1 ||
                uri.indexOf("/front/frontIndex") != -1 || uri.indexOf("/front/weChat") != -1 || uri.indexOf("/front/session") != -1 ||
                uri.indexOf("/front/frontLogin") != -1 || uri.indexOf("/front/frontReg") != -1 || uri.indexOf("/front/frontGetpass") != -1 ||
                uri.indexOf("/userLogin/message") != -1 || uri.indexOf("/userLogin/save") != -1 || uri.indexOf("/userLogin/advertisingLogin") != -1 ||
                uri.indexOf("/front/consulting") != -1 || uri.indexOf("/front/contribute") != -1 || uri.indexOf("/apply/files") != -1 ||
                uri.indexOf("/apply/file") != -1 || uri.indexOf("/front/topUp") != -1 || uri.indexOf("/front/addAmount") != -1 || uri.indexOf("/front/search") != -1 ||
                uri.indexOf("/apply/save") != -1 || uri.indexOf("/front/seoserve") != -1 || uri.indexOf("/order/orderList") != -1 ||
                uri.indexOf("/order/yes") != -1 || uri.indexOf("/order/no") != -1 || uri.indexOf("/mediaAccountLogin/login") != -1 ||
                uri.indexOf("/mediaAccountLogin/save") != -1 || uri.indexOf("/mediaAccount/message") != -1) {
            return true;
        }

        //判断当前请求是否在权限管理中， 如果不在则直接放行
        HttpSession session = request.getSession();
        List<Permission> permissionList = (List<Permission>) session.getAttribute("permissionList");
        List<String> permissionUriList = new ArrayList<>(); // 存放所有权限
        for (Permission permission : permissionList) {
            permissionUriList.add(permission.getPermiUrl());
        }
        if (!permissionUriList.contains(uri)) { // 没有被权限管理
            return true;
        }

        // 判断当前登录管理员是否有当前请求的权限
        // 获取管理员拥有的权限
        List<Permission> userPermissionList = (List<Permission>) session.getAttribute("userPermissionList");
        List<String> loginPermissionUriList = new ArrayList<>(); // 存放所有权限
        for (Permission permission : userPermissionList) {
            loginPermissionUriList.add(permission.getPermiUrl());
        }
        if (!loginPermissionUriList.contains(uri)) { // 没有权限
            // 跳转到没有权限的页面
//            request.getRequestDispatcher("/WEB-INF/view/403.jsp").forward(request, response);
            // 如果没有登录则跳转到登录页面
            response.sendRedirect("/permissions");
            return false;
        }
        return true;
    }
}
